CVE-2024-47554 reported against commons-io shaded in velocity

Install java, groovy and native applications as services or daemons

Brought to you by: john1900, rzorzorzo

#212 CVE-2024-47554 reported against commons-io shaded in velocity

Milestone: All

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2025-05-21

Created: 2025-04-29

Creator: Christoph Seibert

Private: No

yajsw-stable-13.14/lib/extended/velocity/velocity-engine-core-2.3.jarcontains shaded classes from commons-io that contain a vulnerability.
The shaded classes were removed in Velocity 2.4 (and the current version 2.4.1) as per https://issues.apache.org/jira/browse/VELOCITY-972. Please update the dependency.

Discussion

rzo - 2025-05-21

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

rzo - 2025-05-21

release 13.15

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2024-47554 reported against commons-io shaded in velocity

Install java, groovy and native applications as services or daemons

Group

Searches

Help

#212 CVE-2024-47554 reported against commons-io shaded in velocity

Discussion